Search for vulnerabilities
Vulnerability details: VCID-7rxr-e74z-ckgd
Vulnerability ID VCID-7rxr-e74z-ckgd
Aliases CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32
Summary
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
System Score Found at
cvssv3.1 9.0 http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
generic_textual CRITICAL http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
cvssv3.1 9.0 https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
generic_textual CRITICAL https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
cvssv3.1 9.0 http://seclists.org/fulldisclosure/2015/Oct/4
generic_textual CRITICAL http://seclists.org/fulldisclosure/2015/Oct/4
cvssv3.1 9.0 https://github.com/advisories/GHSA-fff8-4w9p-7v76
generic_textual CRITICAL https://github.com/advisories/GHSA-fff8-4w9p-7v76
cvssv3.1 9.0 https://github.com/pygments/pygments
generic_textual CRITICAL https://github.com/pygments/pygments
cvssv3.1 9.0 https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
generic_textual CRITICAL https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
cvssv3.1 9.0 https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
cvssv3.1 9.0 https://nvd.nist.gov/vuln/detail/CVE-2015-8557
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2015-8557
cvssv3.1 9.0 https://security.gentoo.org/glsa/201612-05
generic_textual CRITICAL https://security.gentoo.org/glsa/201612-05
cvssv3.1 9.0 http://www.debian.org/security/2016/dsa-3445
generic_textual CRITICAL http://www.debian.org/security/2016/dsa-3445
cvssv3.1 9.0 http://www.openwall.com/lists/oss-security/2015/12/14/17
generic_textual CRITICAL http://www.openwall.com/lists/oss-security/2015/12/14/17
cvssv3.1 9.0 http://www.openwall.com/lists/oss-security/2015/12/14/6
generic_textual CRITICAL http://www.openwall.com/lists/oss-security/2015/12/14/6
cvssv3.1 9.0 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
generic_textual CRITICAL http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
cvssv3.1 9.0 http://www.ubuntu.com/usn/USN-2862-1
generic_textual CRITICAL http://www.ubuntu.com/usn/USN-2862-1
Reference id Reference type URL
http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8557.json
https://api.first.org/data/v1/epss?cve=CVE-2015-8557
https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8557
http://seclists.org/fulldisclosure/2015/Oct/4
https://github.com/advisories/GHSA-fff8-4w9p-7v76
https://github.com/pygments/pygments
https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
https://nvd.nist.gov/vuln/detail/CVE-2015-8557
https://security.gentoo.org/glsa/201612-05
http://www.debian.org/security/2016/dsa-3445
http://www.openwall.com/lists/oss-security/2015/12/14/17
http://www.openwall.com/lists/oss-security/2015/12/14/6
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.ubuntu.com/usn/USN-2862-1
1276321 https://bugzilla.redhat.com/show_bug.cgi?id=1276321
802828 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802828
USN-2862-1 https://usn.ubuntu.com/2862-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2015/Oct/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-fff8-4w9p-7v76
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pygments/pygments
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-8557
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201612-05
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.debian.org/security/2016/dsa-3445
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/12/14/17
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/12/14/6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-2862-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.9227
EPSS Score 0.09142
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:13:43.303971+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2862-1/ 36.1.3